Access, Education and Security - Information Management Today

Pennsylvania State Education Association data breach impacts 500,000 individuals

Security Affairs

MARCH 20, 2025

A data breach at the Pennsylvania State Education Association exposed the personal information of over 500,000 individuals. The Pennsylvania State Education Association (PSEA) suffered a data breach that impacted 517,487 individuals. PSEA is affiliated with the National Education Association (NEA).

Education

Education Data breaches Passwords Insurance

Alabama State Department of Education suffered a data breach following a blocked attack

Security Affairs

JULY 7, 2024

Alabama’s education superintendent disclosed a data breach following a hacking attempt on the Alabama State Department of Education. The Alabama State Department of Education announced it had thwarted a ransomware attack on June 17, however, threat actors accessed some data and disrupted services before the attack was stopped.

Education

Education Data breaches Ransomware Access

K12 education giant paid the ransom to the Ryuk gang

Security Affairs

DECEMBER 2, 2020

Online education giant K12 Inc. The education company Online education giant K12 Inc. is a for-profit education company that sells online schooling and curricula. is a for-profit education company that sells online schooling and curricula. “K12 Inc. .” Pierluigi Paganini.

Education

Education Ransomware Insurance Access

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security. Warn “Small businesses face a unique set of cybersecurity challenges and threats and must be especially proactive with cybersecurity training,” said Dara Warn, CEO of INE Security. “At Cary, NC, Oct.

Security

Security Data breaches Passwords Cybersecurity

Iranian hackers access unsecured HMI at Israeli Water Facility

Security Affairs

DECEMBER 4, 2020

A group of Iranian hackers gained access to a un unprotected ICS at an Israeli Water Facility and posted a video as proof of the hack. Researchers from industrial cybersecurity firm OTORIO revealed that a group of Iranian hackers gained access to a un unprotected ICS at the Israeli Water Facility. ” concludes the post.

Access

Access Agriculture Authentication Education

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

The Colorado Department of Higher Education (CDHE) finally disclosed a data breach impacting students, past students, and teachers after the June attack. In June a ransomware attack hit the Colorado Department of Higher Education (CDHE), now the organization disclosed a data breach.

Education

Education Data breaches Ransomware Access

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

Security Affairs

NOVEMBER 21, 2023

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The most impacted sectors are education, government, and business services. In recent years, multiple threat actors, including the group TA569 , have been observed using the software as a Remote Access Trojan (RAT).

Education

Education Government Business Services Archiving

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Security Affairs

DECEMBER 19, 2024

Fortinet warns of a patched FortiWLM vulnerability that could allow admin access and sensitive information disclosure. Fortinet warned of a now-patched Wireless LAN Manager (FortiWLM) vulnerability, tracked as CVE-2023-34990 (CVSS score of 9.6), that could lead to admin access and sensitive information disclosure. through 8.6.5

Authentication

Authentication Access Education IT

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

Storm-2372s targets during this time have included government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas in Europe, North America, Africa, and the Middle East.” ” continues the report.

Phishing

Phishing Authentication Access Government

Who Is the Network Access Broker ‘Babam’?

Krebs on Security

DECEMBER 3, 2021

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network.

Access

Access Ransomware Passwords Sales

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

Krebs on Security

OCTOBER 14, 2021

Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. Louis Post-Dispatch for reporting a security vulnerability that exposed teacher SSNs.

Security

Security Education Computer and Electronics Access

Peugeot leaks access to user information in South America

Security Affairs

APRIL 25, 2023

A brand, best known for its lion roaring for over a century, has leaked access to its user data in Peru. And while the country is not that big of a market for the car maker, this discovery is yet another example of how big and well-known brands fail to secure sensitive data. env) hosted on the official Peugeot store for Peru.

Access

Access Education Encryption Passwords

Port of Seattle ‘s August data breach impacted 90,000 people

Security Affairs

APRIL 5, 2025

The ransomware gang hit organizations in multiple industries, including education, healthcare, manufacturing, information technology, and government sectors. While our response and recovery are still ongoing, we wanted to share updated information about what happened, what we have been doing, and how we are further strengthening our security.

Data breaches

Data breaches Ransomware Manufacturing Education

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

“According to the indictment, Ptitsyn facilitated the worldwide use of a dangerous ransomware strain to target corporations and various organizations, including government agencies, healthcare facilities, educational institutions, and critical infrastructure.

Ransomware

Ransomware Education Sales Government

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. The FBI has observed incidents of stolen higher education credential information posted on publically accessible online forums or listed for sale on criminal marketplaces.

Sales

Sales Education Phishing Passwords

The state of secure information management: Strategies for securing access and protecting sensitive data

OpenText Information Management

NOVEMBER 27, 2024

But before then, we’ll be sharing proprietary research from the upcoming State of Secure Information Management where we explore strategies to enable secure access and protect sensitive data. This presents an opportunity for education and training programs in the industry. We look forward to sharing the rest.

Access

Access Security Data Privacy Compliance

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Security Affairs

FEBRUARY 6, 2025

The man is accused of multiple crimes, including the discovery and disclosure of secrets, illegal access to computer systems, computer damage and money laundering. “ At the international level, there has been collaboration with EUROPOL and the Homeland Security Investigations (HSI) of the USA.”

Data breaches

Data breaches Information Security Government Access

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Krebs on Security

FEBRUARY 22, 2022

Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers. Louis Post-Dispatch for reporting a security vulnerability that exposed teacher SSNs. In October 2021, St.

Education

Education Access Security Communications

Hackers breached MDM firm Mobile Guardian and wiped thousands of devices

Security Affairs

AUGUST 6, 2024

Hackers breached the mobile device management (MDM) firm Mobile Guardian, the company detected unauthorized access to iOS and ChromeOS devices on August 4th. The Ministry of Education (MOE) in Singapore confirmed that the incident heavily impacted students in the country. ” reported the MOE.

MDM

MDM Education Access Security

ChaChi, a GoLang Trojan used in ransomware attacks on US schools

Security Affairs

JUNE 24, 2021

. “These actors are utilizing advanced knowledge of enterprise networking and security misconfigurations to achieve lateral movement and gain access to the victim’s environments.” The malware was recently employed in attacks against large US schools and education organizations. . Pierluigi Paganini.

Ransomware

Ransomware Education Cybersecurity Government

Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 11, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches Marketing

SAP April 2023 security updates fix critical vulnerabilities

Security Affairs

APRIL 12, 2023

SAP April 2023 security updates include a total of 24 notes, 19 of which are new vulnerabilities. CVE-2023-28765 : An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) – versions 420, 430, can exploit the issue to access to lcmbiar file and further decrypt the file.

Security

Security Education Passwords Authentication

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JULY 7, 2024

Every week the best security articles from Security Affairs are free in your email box. GootLoader is still active and efficient Hackers stole OpenAI secrets in a 2023 security breach Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes Polyfill.io A new round of the weekly SecurityAffairs newsletter arrived!

Data breaches

Data breaches Security Mining Education

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

The group managed to maintain access without being detected for as long as possible. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. and Guam without being detected.

e-Discovery

e-Discovery Communications Ransomware Government

National Student Clearinghouse data breach impacted approximately 900 US schools

Security Affairs

SEPTEMBER 24, 2023

educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. The security breach resulted from a cyber attack exploiting a vulnerability in the MOVEit managed file transfer (MFT).- The issue occurred on or around May 30, 2023.”

Data breaches

Data breaches Education Ransomware Cybersecurity

Sky.com servers exposed via misconfiguration

Security Affairs

OCTOBER 9, 2021

CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain, containing what appear to be production-level database access credentials, as well as addresses to development endpoints. Access to the configuration file has now been disabled. Who had access? Original post @ [link].

IoT

IoT Access Ransomware Education

Microsoft Announces Security Update with Windows Resiliency Initiative

eSecurity Planet

DECEMBER 4, 2024

Microsoft recently announced that they’re making changes to their Windows operating system to improve security and reliability. During the Ignite 2024 conference, Microsoft announced the Windows Resiliency Initiative to address these security concerns.

Security

Security Phishing Encryption Passwords

Western Digital took its services offline due to a security breach

Security Affairs

APRIL 3, 2023

Western Digital disclosed a security breach, according to the company an unauthorized party gained access to multiple systems. Western Digital has shut down several of its services after discovering a security breach, the company disclosed that an unauthorized party gained access to multiple systems.

Security

Security IT Cloud Ransomware

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Security Affairs

OCTOBER 30, 2021

MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. CIOs and security managers could also use the list to assess the efficiency of their program to secure hardware within in their organizations.

Manufacturing

Manufacturing Access Education Security

Credential Flusher, understanding the threat and how to protect your login data

Security Affairs

SEPTEMBER 18, 2024

This mode limits the user’s ability to close the browser or access other applications, making it easier for hackers to obtain the desired information. Why and how to protect ourselves Once the credentials are stolen, hackers can use them to access various online accounts, including banking, e-mail, and social media accounts.

Passwords

Passwords Authentication Education Phishing

Belgium Interior Ministry said it was hit by a sophisticated cyber attack

Security Affairs

MAY 26, 2021

“Urgent action was taken to prevent the attacker’s access” Maerens said. . Belnet (or the Belgian National research and education network ) is a Belgian internet provider for educational institutions, research centres, scientific institutes, and government services. Pierluigi Paganini.

IT

IT Education Government Communications

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 25, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. National Security Agency and Microsoft addressed it with the release of Microsoft October 2022 Patch Tuesday security updates.

IT

IT Education Cybersecurity Risk

China-linked APT Silk Typhoon targets IT Supply Chain

Security Affairs

MARCH 5, 2025

Microsoft reported that China-linked APT group Silk Typhoon has shifted tactics to target IT solutions like remote management tools and cloud apps for initial access. Though not directly attacking Microsoft cloud services, they exploit unpatched apps to escalate privileges and gain access to customer networks.

Energy and Utilities

Energy and Utilities IT Cloud Passwords

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

MAY 26, 2022

Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. The CVE-2022-22972 flaw affects Workspace ONE Access, VMware Identity Manager (vIDM), and vRealize Automation. reads the advisory published by the company. “A Searching on Shodan.io

Authentication

Authentication Cybersecurity Access Education

The State of Maine disclosed a data breach that impacted 1.3M people

Security Affairs

NOVEMBER 12, 2023

The security breach took place in the State between May 28, 2023, and May 29, 2023. The software vulnerability was exploited by a group of cybercriminals and allowed them to access and download files belonging to certain agencies in the State of Maine between May 28, 2023, and May 29, 2023.” million individuals. percent and 26.0

Data breaches

Data breaches Insurance Education Cybersecurity

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Multinational IT corporation MSI (Micro-Star International) confirms security breach after Money Message ransomware gang claimed the hack. Today MSI confirmed the security breach, it confirmed that threat actors had access to some of its information service systems. ” reads a statement published by the company.

Ransomware

Ransomware Security Manufacturing Cybersecurity

A zero-day in Atlas VPN Linux Client leaks users’ IP address

Security Affairs

SEPTEMBER 6, 2023

A Reddit user with the handle ‘Educational-Map-8145’ published a proof of concept exploit for a zero-day flaw in the Linux client of Atlas VPN. “The client does not connect via a local socket or any other secure means but instead it opens an API on localhost on port 8076. It does not have ANY authentication.

Education

Education Authentication Cybersecurity IT

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is actively exploited by ransomware groups to gain initial access to corporate networks. The group now is targeting Cisco VPN products to gain initial access to corporate networks. or earlier).

Ransomware

Ransomware Authentication Access Education

Google Gmail client-side encryption is available globally

Security Affairs

FEBRUARY 28, 2023

Gmail client-side encryption (CSE) is now available for Workspace Enterprise Plus, Education Plus, and Education Standard customers. Google announced that Gmail client-side encryption (CSE) is now available for all Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.

Encryption

Encryption Education Digital transformation Access

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware

Ransomware Encryption Education Phishing

FBI issued a flash alert about Netwalker ransomware attacks

Security Affairs

AUGUST 2, 2020

The FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. The FBI has issued a new security flash alert to warn of Netwalker ransomware attacks targeting U.S. and foreign government organizations, education entities, private companies, and health agencies by unidentified cyber actors.”

Ransomware

Ransomware Encryption Passwords Government

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

ransomfeed #security #infosec #energychina pic.twitter.com/deRRximVPd — Ransomfeed (@ransomfeed) November 25, 2023 The China Energy Engineering Corporation (CEEC) is a state-owned company in China that operates in the energy and infrastructure sectors. VPNs, RDPs) to gain initial access to the target network and maintain persistence.

Ransomware

Ransomware Manufacturing Education Libraries

Seiko confirmed a data breach after BlackCat attack

Security Affairs

OCTOBER 26, 2023

It appears that some as-yet-unidentified party or parties gained unauthorized access to at least one of our servers. Threat actors gained access to the network of the company and stole some data from its systems. “We had previously announced on August 10, 2023, about the unauthorized access to our servers (*).

Data breaches

Data breaches Ransomware Personal data Cybersecurity

Global CRM Provider Exposed Millions of Clients’ Files Online

Security Affairs

OCTOBER 5, 2023

Cloud-based customer relationship management systems allow a business or another organization to manage interactions with customers, store documents or other important business data and allow them to access it from anywhere. The records inside the database were publicly accessible to anyone with an internet connection.

Data breaches

Data breaches B2B Education Access

Pennsylvania State Education Association data breach impacts 500,000 individuals

Alabama State Department of Education suffered a data breach following a blocked attack

Webinars

Trending Sources

K12 education giant paid the ransom to the Ryuk gang

Webinars

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

Iranian hackers access unsecured HMI at Israeli Water Facility

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Storm-2372 used the device code phishing technique since August 2024

Who Is the Network Access Broker ‘Babam’?

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

Peugeot leaks access to user information in South America

Port of Seattle ‘s August data breach impacted 90,000 people

Russian Phobos ransomware operator faces cybercrime charges

FBI: Compromised US academic credentials available on various cybercrime forums

The state of secure information management: Strategies for securing access and protecting sensitive data

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Hackers breached MDM firm Mobile Guardian and wiped thousands of devices

ChaChi, a GoLang Trojan used in ransomware attacks on US schools

Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION

SAP April 2023 security updates fix critical vulnerabilities

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

China’s Volt Typhoon botnet has re-emerged

National Student Clearinghouse data breach impacted approximately 900 US schools

Sky.com servers exposed via misconfiguration

Microsoft Announces Security Update with Windows Resiliency Initiative

Western Digital took its services offline due to a security breach

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Credential Flusher, understanding the threat and how to protect your login data

Belgium Interior Ministry said it was hit by a sophisticated cyber attack

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

China-linked APT Silk Typhoon targets IT Supply Chain

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

The State of Maine disclosed a data breach that impacted 1.3M people

MSI confirms security breach after Money Message ransomware attack

A zero-day in Atlas VPN Linux Client leaks users’ IP address

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Google Gmail client-side encryption is available globally

Akira ransomware received $42M in ransom payments from over 250 victims

FBI issued a flash alert about Netwalker ransomware attacks

Rhysida ransomware gang claimed China Energy hack

Seiko confirmed a data breach after BlackCat attack

Global CRM Provider Exposed Millions of Clients’ Files Online

Stay Connected